var express = require('express');
var router = express.Router();
var crypto = require('crypto');
var cryptoArithmetic = crypto.createHash('sha1');
var request = require('request');

var async = require('async');

var auth = require('../modules/auth');

var tomcatUrl = 'http://192.168.0.21:8080/test';

/* GET home page. */
router.get('/', auth.requiredAuthentication, function(req, res, next) {
	var username = req.session.username;

	res.render('index.ejs', {
		username: username
	});
});

router.get('/login', function (req, res, next) {
	res.render('login.ejs');
});

router.post('/login', function (req, res, next) {
	var username = req.body.username;
	var password = req.body.password;

	request({
		url: tomcatUrl + '/admin/username/' + username,
		method: 'get',
		json: true
	}, function(error, response, body){
		if (error) {
			res.send('服务器错误：', error);
		}else if (body.error) {
			res.send(body.error);
		}else{
			var db_pass = body.password;
			if (db_pass == password) {
				req.session.username = username;
				req.session.id       = body.id;
				req.session.typecode = body.typecode;

				res.redirect('/');
			}else{
				res.send('密码不正确');
			}
		}
	});
});

router.get('/logout', function (req, res, next) {
	req.session.destroy(function(err) {
		// cannot access session here
	});
	
	res.redirect('/login');
});

router.put('/account/password', auth.requiredAuthentication, function(req, res, next){
	var pass_present = req.body.present;
	var newPass      = req.body.willuse;
	var username = req.session.username;

	async.waterfall([
	    function(callback){
	        request({
	        	url: tomcatUrl + '/admin/username/' + username,
	        	method: 'GET',
	        	json: true
	        }, function(error, response, body){
	        	console.log('服务器返回来的：', error);
	        	if (error) {
	        		callback(error);
	        	}else if (body.error) {
	        		callback(body);
	        	}else{
	        		callback(null, body.password);
	        	}
	        });
	    },
	    function(passOld, callback){
	    	console.log('服务器返回来的当前密码：', passOld);
	    	if (passOld == pass_present) {
		        request({
		        	url: tomcatUrl + '/admin/password',
		        	method: 'PUT',
		        	json: true,
		        	qs: {
			        	username: username,
			        	password: newPass
			        },
		    	}, function(error, response, body){
		    		if (error) {
		    			callback(error);
		    		}else if (body.error) {
		    			callback(body);
		    		}else{
		    			callback(null, body);
		    		}
		        });
	    	}else{
	    		res.send({
	    			error: '密码不正确'
	    		});
	    	}
	    }
	],
	// optional callback
	function(err, results){
	    if(err){
	    	res.send({
	    		error: true,
	    		description: 'Server error. Please try again'
	    	});
	    }else{
	    	res.send({
	    		error: null
	    	})
	    }
	});

	
});


router.delete('/admin/:id', auth.requiredAuthentication, function(req, res, next){
	var adminToDeleteId = req.params.id;
	var adminToDeleteTypecode = req.query.typecode;

	var session = req.session;

	if (session.typecode==0) {
		res.send({
			error: true,
			description: '您无此权限'
		});
	}else if(adminToDeleteTypecode==1){
		res.send({
			error: true,
			description: '不可删除超级管理员'
		});
	}else if(session.id==adminToDeleteId){
		res.send({
			error: true,
			description: '不可以删自己'
		});
	}else{
        request({
        	url: tomcatUrl + '/admin/'+ adminToDeleteId,
        	method: 'DELETE',
        	json: true
    	}, function(error, response, body){
    		if (error || body.error) {
    			res.send({
    				error: true,
    				description: error || body.error
    			});
    		}else{
    			res.send({
    				error: null
    			});
    		}
        });
	}
});


module.exports = router;
